Security

Community Activity

HEC token management for HA Hi Splunkers, We have a distributed environment with 2SH, 2 indexers and 1 master. We need to set up HEC with HA. Cu... by deepashri_123 Motivator in Security 01-24-2018 0 1	0	1
How can we find all the searches, Alerts, Dashboard and ... created (saved) by a user? The user has left the company and has been removed from Active Directory (LDAP) he owns several searches, dashboards ... by KooroshFooladba Explorer in Security 01-23-2018 2 6	2	6
Scheduled saved search deleted LDAP user We had a user that setup a scheduled search to run weekly and would send report by email. We are setup for LDAP auth... by deeades New Member in Security 01-17-2018 0 3	0	3
splunk SPL for who disable user AD account ? Just wanted to know Ad account activity who is disable the AD user account ? by merajhussain New Member in Security 01-17-2018 0 2	0	2
can we restrict the access in splunk Suppose i have 6 aws instances sending log to splunk and we have 3 user : 1st is admin can see all 6 instances 2nd is... by anshuman19 Explorer in Security 01-17-2018 0 1	0	1
Splunk for Security vs Qradar vs ArcSight Hello all. Anyone have a comparison between Splunk for Security vs Qradar vs ArcSight. Thank you. by changux Builder in Security 01-16-2018 0 2	0	2
Unable to assign permissions to a Field Extraction for all Splunk Users Hi All, I receive the following error when assigning full permissions to field extractions that I created in splunk.... by zzaveri Explorer in Security 01-12-2018 0 1	0	1
AD Impossible Authentication even if groups are retrieved We are trying to add LDAP accounts in our Splunk Enterprise 7.0.1 We can see that Splunk is retrieving the groups an... by rxlsplunk New Member in Security 01-12-2018 0 5	0	5
What does the capability extra_x509_validation provide for a role? There is very little description on what extra_x509_validation provides in the URLs below, which appears to be a new ... by mkolkebeck Path Finder in Security 01-10-2018 4 2	4	2
Where is the first part of the index home path defined? I've sort of took on Splunk administration for my company so I'm trying to make sense of this as quickly as I can. ... by summitsplunk Communicator in Security 01-10-2018 0 2	0	2
How to restrict a user to a single dashboard? I want to make a role such that a user can only view a single dashboard. They should not be able to access any other... by matstap Communicator in Security 01-10-2018 1 2	1	2
Unable to setup SSL self sign cert on Windows forwarder and Windows Indexer both Running Windows 2k12 I have follow the splunk instruction, on my Windows Indexer server I have created a CAroot.pem fileI have also create... by ron5s1 New Member in Security 01-10-2018 0 2	0	2
How can I automatically rotate Splunk local passwords? All, I've been asked to automatically rotate the local passwords on Splunk every week. It can be predictable. Like ... by daniel333 Builder in Security 01-09-2018 0 2	0	2
What metrics to monitor for Meltdown and Spectre I realize that these are both hardware vulnerabilities but wanted to know. out of the data we are able to collect wit... by iKickFish Explorer in Security 01-09-2018 0 2	0	2
getting Winsock error 10061 We are forwarding logs to a UF->HF-> INDEXER setup for splunk but the logs are not getting thru. We checked the splun... by teddyidc1101 Communicator in Security 01-08-2018 0 1	0	1
Windows: Unknown User Name or Bad Password Hi. How can I distinguish events with Authentication when «Unknown User Name» and when «Bad Password»? Ping me if ... by test_qweqwe Builder in Security 01-06-2018 0 1	0	1
Different authentications for HEC Token Hi, I am following this online doc to test the three authentication for HEC tokens: http://dev.splunk.com/view/event... by lqiao Explorer in Security 01-04-2018 0 9	0	9
WARN TcpOutputProc - Forwarding to indexer group group1 blocked for 10 seconds. Hello there. I am seeing hte subject message in my HEC HWF servers. We are using index discovery and the following is... by brent_weaver Builder in Security 01-04-2018 1 4	1	4
Why is my default app not loading when Users login? I have tried many things and googled, but unable to find a solution to this issue. I have an environment that I have... by Kozanic Path Finder in Security 01-03-2018 0 3	0	3
How to configure exceptions to proxy config in splunk-launch.conf? Hi, to support several external lookups to internet services with APIs I added a proxy configuration to splunk-launc... by flle Path Finder in Security 01-03-2018 0 4	0	4
Is it possible to use LDAP Authentication and Radius Authentication together? Is it possible to use LDAP Authentication and Radius Authentication together? Is it possible to set some kind of prio... by sbbadri Motivator in Security 01-03-2018 0 1	0	1
Permission Denied when checking status of Splunk I get these errors when trying to check the status of SPLUNK after a restart of the device: Pid file "/trvapps/splunk... by pfabrizi Path Finder in Security 01-03-2018 0 4	0	4
SSl Error saying the port number is wrong Trying to connect from vendor UF to our indexer through configuring SSL certificate. We have enabled SSL on both side... by vinaykata Path Finder in Security 01-02-2018 0 1	0	1
timestamp issue I have firewall events coming to my syslog-ng server. The firewall events are in Central European Timezone, so when ... by mcbradford Contributor in Security 01-02-2018 0 4	0	4
How do you check successful brute force logins? Is there a better way to check sucessful brute force logins? raw event (this is a microsoft exchange web access log)... by xsstest Communicator in Security 12-28-2017 0 8	0	8